Manual Vulnerability Discovery (Part 3): File Upload
We again use DVWA in Metasploitable as the example.
After we upload a picture, the page displays the path of the stored file. This suggests a test: if what we upload is not an image but a PHP file, and that file contains a one-line webshell, will the result be different?
To verify this, I wrote a simple one-line webshell file, 1.php. Its function is very simple: it takes a cmd parameter, runs it as a command, and echoes the command's output into the page.
This file is also uploaded successfully.
We can append the displayed path in the address bar and assign a value to the cmd parameter. The exploitation succeeds; this is the simplest form of file upload exploitation.
But this approach only works at DVWA's lowest security level. Once the level is raised to medium, the file type is checked, so we need Burp Suite to intervene in the request. We first intercept the request and inspect it, then modify it. Sure enough, the client shows that our PHP file has been uploaded, and the exploitation succeeds again.
If the security level is raised to high, we first look at its source code, then continue intercepting with Burp Suite.
As before, we modify the Content-Type, but this time it has no effect, because the filename is 1.php. We need both to change the filename so that it looks like a jpg and to keep a PHP script suffix (so that the file executes). This can be done as shown in the intercepted request, and the exploitation succeeds.
Summary: when exploiting a file upload vulnerability, intercepting and inspecting the request contents with Burp Suite lets you infer the developer's code logic and exploit it accordingly.
Question: how can image uploads be strictly controlled?
Traverse the bytes of the uploaded binary file to determine its file type. If the check on the file header is not strict, we can intercept with Burp Suite and place the one-line webshell after the file's binary bytes (but the file type still needs to be php, because Apache by default does not execute jpg files).
Alternatively, lowering the permissions on the directory where the files are stored also has a defensive effect.
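The question above asks how to control image uploads strictly, and the medium-level bypass earlier shows why the client's Content-Type is not evidence of anything. The server-side validator below is an added example (it is not DVWA's code and not from the original post). It implements the byte-level header check the answer describes and combines it with the other controls the post touches on: an extension allowlist applied to every dotted segment of the name (so "1.php.jpg" and "1.jpg.php" are both refused), rejection of script text appended after a valid image header, a random stored name, and non-executable permissions on the stored file. The function names `validate_upload`, `check_upload` and `store_upload`, the size limit, the marker heuristic and the sample bytes are all assumptions of this example.

```python
import os
import secrets
import tempfile

# Allowed extensions and the magic bytes a file claiming that type must begin with.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Script extensions are refused in ANY dotted segment of the name, not only the last:
# with an AddHandler-style PHP configuration Apache can still hand "1.php.jpg" to the
# PHP handler, so both "1.php.jpg" and "1.jpg.php" must be rejected.
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}
# Constructed heuristic for defence in depth: a valid image header followed by script
# text is rejected even though the extension check alone already prevents execution.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<script")
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit


class UploadRejected(ValueError):
    """Raised with a short reason when an upload fails validation."""


def validate_upload(filename: str, content_type: str, data: bytes) -> str:
    """Return a safe random storage name, or raise UploadRejected.

    content_type is the client's multipart Content-Type and is deliberately unused:
    DVWA's medium level trusts it, and editing it in Burp is all it takes to pass.
    """
    if any(c in filename for c in ("/", "\\", "\x00")):
        raise UploadRejected("path separator or NUL in filename")
    parts = filename.lower().split(".")
    if len(parts) < 2 or parts[0] == "":
        raise UploadRejected("missing base name or extension")
    for seg in parts[1:]:
        if seg in SCRIPT_EXTS:
            raise UploadRejected(f"script extension '{seg}' in filename")
    ext = parts[-1]
    if ext not in MAGIC:
        raise UploadRejected(f"extension '{ext}' not in allowlist")
    if len(data) > MAX_BYTES:
        raise UploadRejected("file too large")
    # Byte-level check of the header: the bytes must match the claimed type.
    if not any(data.startswith(m) for m in MAGIC[ext]):
        raise UploadRejected("magic bytes do not match extension")
    if any(marker in data for marker in SCRIPT_MARKERS):
        raise UploadRejected("script marker inside image body")
    # The client-supplied name is never used on disk.
    return f"{secrets.token_hex(16)}.{ext}"


def check_upload(filename: str, data: bytes, content_type: str = "image/jpeg") -> str:
    """Convenience wrapper returning 'accepted: <name>' or 'rejected: <reason>'."""
    try:
        return "accepted: " + validate_upload(filename, content_type, data)
    except UploadRejected as exc:
        return "rejected: " + str(exc)


def store_upload(upload_dir: str, stored_name: str, data: bytes) -> str:
    """Write the file with mode 0640 (no execute bit). upload_dir is assumed to lie
    outside the web root and to be served, if at all, by a handler that never executes."""
    path = os.path.join(upload_dir, stored_name)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


# Constructed sample inputs (not real uploads).
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + bytes(32)
GOOD_JPEG = b"\xff\xd8\xff\xe0" + bytes(32)
JPEG_WITH_SCRIPT = GOOD_JPEG + b"<?php echo 'marker'; ?>"  # valid header, then script text

if __name__ == "__main__":
    cases = [
        ("photo.png", GOOD_PNG),
        ("1.php", GOOD_JPEG),
        ("1.php.jpg", GOOD_JPEG),
        ("1.jpg.php", GOOD_JPEG),
        ("1.jpg", GOOD_PNG),          # extension and bytes disagree
        ("1.jpg", JPEG_WITH_SCRIPT),  # script text appended after the header
    ]
    for name, data in cases:
        print(f"{name:12s} -> {check_upload(name, data)}")
    with tempfile.TemporaryDirectory() as d:
        stored = store_upload(d, validate_upload("photo.png", "image/png", GOOD_PNG), GOOD_PNG)
        print("stored as", os.path.basename(stored), oct(os.stat(stored).st_mode & 0o777))
```

Two design points matter more than the individual checks. The stored name is generated by the server, so whatever the client put in filename never reaches the filesystem or the web server's extension-to-handler mapping; and the header check is a necessary but not sufficient test, since a file can carry a genuine JPEG header and still contain script text, which is why the extension allowlist and the non-executable storage location remain the controls that actually prevent execution.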